Description
A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unknown functionality of the file import_users.php. The manipulation of the argument raw_password with the input CICT_2026 leads to use of hard-coded password. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names.
Published: 2026-06-08
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability lies in the import_users.php file where providing the raw_password parameter with the value CICT_2026 forces the system to use a hard‑coded password, allowing an attacker to bypass authentication. The attack can be launched remotely without needing any prior credentials. This flaw exposes the essential authentication mechanism, enabling unauthorized access to administrative and potentially user areas of the application.

Affected Systems

The issue applies to SourceCodester’s Onlne Examination & Learning Management System and Syllabus‑aligned Learning Management and Examination System. No specific version information is supplied in the CVE data, so the scope covers all released versions of these products under the SourceCodester brand.

Risk and Exploitability

The CVSS score is 6.9, indicating medium‑to‑high severity. The exploit can be initiated remotely by sending a crafted raw_password argument to import_users.php. EPSS information is not publicly disclosed, and the vulnerability is not listed in CISA’s KEV catalog. Because the flaw removes any authentication barrier, it is readily exploitable by any actor who can reach the vulnerable endpoint.

Generated by OpenCVE AI on June 8, 2026 at 19:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any available vendor patch or update that removes the hard‑coded password from import_users.php
  • If an immediate patch cannot be applied, restrict access to the import_users.php endpoint by limiting it to trusted administrators through network segmentation or firewall rules
  • Review the application codebase for additional hard‑coded credentials and enforce secure password practices, ensuring that default or static passwords are never present in source or configuration files

Generated by OpenCVE AI on June 8, 2026 at 19:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 08 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 08 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unknown functionality of the file import_users.php. The manipulation of the argument raw_password with the input CICT_2026 leads to use of hard-coded password. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names.
Title SourceCodester Onlne Examination & Learning Management System import_users.php hard-coded password
First Time appeared Sourcecodester
Sourcecodester onlne Examination Learning Management System
Sourcecodester syllabus-aligned Learning Management And Examination System
Weaknesses CWE-255
CWE-259
CPEs cpe:2.3:a:sourcecodester:onlne_examination_learning_management_system:*:*:*:*:*:*:*:*
cpe:2.3:a:sourcecodester:syllabus-aligned_learning_management_and_examination_system:*:*:*:*:*:*:*:*
Vendors & Products Sourcecodester
Sourcecodester onlne Examination Learning Management System
Sourcecodester syllabus-aligned Learning Management And Examination System
References
Metrics cvssV2_0

{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Sourcecodester Onlne Examination Learning Management System Syllabus-aligned Learning Management And Examination System
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-08T18:24:02.345Z

Reserved: 2026-06-08T05:18:19.106Z

Link: CVE-2026-11552

cve-icon Vulnrichment

Updated: 2026-06-08T18:23:43.110Z

cve-icon NVD

Status : Received

Published: 2026-06-08T18:16:32.307

Modified: 2026-06-08T18:16:32.307

Link: CVE-2026-11552

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-08T20:00:15Z

Weaknesses